

I have been trying to configure CSF and Docker under a Plesk server.

There are many posts in forums reporting that when Docker creates a NAT redirect to a certain port, that port is exposed to the entire world.

I tried to use this csfpost tool but apparently it hasn't worked.

Apparently Docker is setting up a DOCKER-USER chain, so I managed to isolate Docker only within the server using this iptables rule:

-A DOCKER-USER -i ethernet_external_interface -j DROP

In some way, installing the netfilter tool for saving iptables rules, I have managed to store a set of iptables rules under /etc/iptables/rules.v4 that work.

Now if I restart the server or only the iptables service, the configuration works, Docker works and the port is not exposed publicly.

If I restart csf or run csf -r, then some of the DOCKER rules are removed, so then I have to restart iptables again; that way I have csf running and the Docker rules are back in place.

If I grep under /etc/iptables/rules.v4 all docker related entries I get:

-A FORWARD -o docker0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

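The check a csfpost hook would want after `csf -r`, as an added example (not code from the post, csf, or Docker): it parses `iptables-save` output to see whether the DOCKER-USER DROP rule for the external interface survived, and re-inserts it only if missing, so the published port does not silently become public again. The interface name `eth0` is an assumed placeholder; it uses `-I` so the rule lands ahead of Docker's own RETURN at the end of DOCKER-USER.

```shell
#!/bin/sh
# Added example; assumes the external interface is eth0 (placeholder).
EXT_IF="${EXT_IF:-eth0}"

# has_docker_user_drop RULES IFACE: exit 0 if an iptables-save dump RULES
# contains "-A DOCKER-USER -i IFACE -j DROP" (the rule that keeps Docker's
# forwarded ports off the public interface).
has_docker_user_drop() {
    printf '%s\n' "$1" | grep -qE "^-A DOCKER-USER -i $2 -j DROP\$"
}

# count_docker_forward_rules RULES: number of FORWARD rules that mention
# docker0, a quick sign of whether Docker's own chain entries are intact.
count_docker_forward_rules() {
    printf '%s\n' "$1" | grep -cE '^-A FORWARD .*docker0' || true
}

# ensure_docker_user_drop IFACE: idempotent re-add, intended for csfpost.sh.
# Needs root; only runs when the script is invoked with --apply.
ensure_docker_user_drop() {
    rules=$(iptables-save) || return 1
    if has_docker_user_drop "$rules" "$1"; then
        echo "DOCKER-USER DROP for $1 present; nothing to do"
    else
        # -I puts the DROP before Docker's trailing "-A DOCKER-USER -j RETURN"
        iptables -I DOCKER-USER -i "$1" -j DROP || return 1
        echo "DOCKER-USER DROP for $1 was missing; re-inserted"
    fi
}

[ "${1:-}" = "--apply" ] && ensure_docker_user_drop "$EXT_IF"
true
```

Note that a blanket `-i eth0 -j DROP` in DOCKER-USER also drops replies to connections containers open outward; if that matters, an `-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` inserted ahead of it is the usual companion rule.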